{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "23984", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23984"}, {"name": "ADV-2008-1155", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1155/references"}, {"name": "SSRT080018", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"}, {"name": "RHSA-2006:0743", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"}, {"name": "30767", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30767"}, {"name": "21219", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21219"}, {"name": "ADV-2006-4724", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4724"}, {"name": "23095", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23095"}, {"name": "HPSBST02318", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"}, {"name": "29726", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29726"}, {"name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"}, {"name": "1017289", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017289"}, {"name": "SUSE-SR:2007:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"}, {"name": "ADV-2007-0554", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0554"}, {"name": "ADV-2006-4726", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4726"}, {"name": "24104", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24104"}, {"name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jira.jboss.com/jira/browse/JBAS-3861"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:04:54.589Z"}, "title": "CVE Program Container", "references": [{"name": "23984", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23984"}, {"name": "ADV-2008-1155", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1155/references"}, {"name": "SSRT080018", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"}, {"name": "RHSA-2006:0743", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"}, {"name": "30767", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30767"}, {"name": "21219", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21219"}, {"name": "ADV-2006-4724", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4724"}, {"name": "23095", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23095"}, {"name": "HPSBST02318", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"}, {"name": "29726", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29726"}, {"name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"}, {"name": "1017289", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017289"}, {"name": "SUSE-SR:2007:002", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"}, {"name": "ADV-2007-0554", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0554"}, {"name": "ADV-2006-4726", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4726"}, {"name": "24104", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24104"}, {"name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jira.jboss.com/jira/browse/JBAS-3861"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-5750", "datePublished": "2006-11-27T20:00:00", "dateReserved": "2006-11-06T00:00:00", "dateUpdated": "2024-08-07T20:04:54.589Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*", "matchCriteriaId": "9BA0BFE2-246F-4F9D-9698-23B7A453C627", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*", "matchCriteriaId": "5415149C-6EF9-4B94-ABDA-3F52B9A871E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*", "matchCriteriaId": "0A5BA730-1650-4CD6-8033-AE7B90F2242F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*", "matchCriteriaId": "A496B6B5-C331-4354-9538-51704BC172A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*", "matchCriteriaId": "42EC3FC8-D370-4EA3-8FC5-CB8671A669B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "C467186E-74BB-4CC6-A4AA-144DA3A2B0C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "9D678E52-DEE5-4A77-9504-5E62F9A6E61A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*", "matchCriteriaId": "5EC7B567-CACB-4F07-BE1D-E7420060C4E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*", "matchCriteriaId": "8C763991-3D3C-40A9-ADA1-1BCD70491224", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "3D381E62-7EBD-4F40-92B4-C967C82BBEBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*", "matchCriteriaId": "B0F232BE-9181-4B28-B9ED-C947BCB754DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*", "matchCriteriaId": "2559DFD5-A230-467E-A720-7AE7FA9309CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en el administrador de consola."}], "id": "CVE-2006-5750", "lastModified": "2018-10-17T21:44:37.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-27T20:07:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"}, {"source": "secalert@redhat.com", "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"}, {"source": "secalert@redhat.com", "url": "http://jira.jboss.com/jira/browse/JBAS-3861"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23095"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23984"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24104"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29726"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017289"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/30767"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21219"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4724"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4726"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/0554"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1155/references"}, {"source": "secalert@redhat.com", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2006:0743", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossas-0:4.0.4-1.el4s1.25", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2006-11-27T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618224"}, "csaw": false, "details": ["Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."], "name": "CVE-2006-5750", "public_date": "2006-11-27T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-5750\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-5750"], "threat_severity": "Critical"}